A mobile-security firm Bluebox claimed that the brand new Xiaomi Mi4 LTE comes pre-installed with spyware and a vulnerable version of Android operating system on top of it. Xiaomi responded to Bluebox Labs by preparing a lengthy denial to their claims and said the new Mi4 smartphone purchased by Bluebox team in China (known as the birthplace of fake smartphones) was not an original Xiaomi smartphone but a counterfeit product. Xiaomi also assured its customers that their devices neither come rooted, nor have any malware.
Source: https://thehackernews.com/2015/03/xiaomi-mobile-security.html